Skip to Content
MIT Technology Review
Pandemic Technology Project

Contact tracing apps now cover nearly half of America. It’s not too late to use one.

Many states rolled out exposure notification services after covid transmissions started surging, but health experts say new apps can still help.
December 14, 2020
Woman on street looking at phone wearing face mask.Woman on street looking at phone wearing face mask.
Dmitry Parshin / Sputnik via AP

California’s exposure notification system launched statewide on December 10, which means that almost half of all Americans now live somewhere covered by an app that will warn them if they’ve been close to someone with covid-19. 

We’re watching these rollouts closely as part of our Covid Tracing Tracker, which monitors the development of contact tracing apps in the US and around the world. These apps are now operating in 19 states, as well as in Washington, DC, Guam, and Puerto Rico. A handful of other states are either in a pilot period or have said they are considering using smartphone-based exposure notifications. 

As in several other states using the system designed by Google and Apple, California’s app is embedded in the operating system of newer iPhones: you just need to switch it on in the settings menu. (Android users still need to download software, but that should be changing soon.) See our full list of state apps, below.

Can these apps help? Early in the pandemic, apps that warn about potential covid-19 exposures were promoted as a way to contain transmission, and countries like Singapore and Australia launched their services in the spring (though early adopters had problems too). But without a coordinated national effort in the US, states created a patchwork of systems that launched at staggered times and didn’t necessarily work across local borders. The first wave of US apps launched in August, months after those in other parts of the world, and in some areas they are arriving once widespread community transmission has already taken place. In California—the most populous state in the US—cases are surging, for example, and most people are under a stay-at-home order. 

At this point in the pandemic, experts say it’s too late for these apps to dramatically lower transmission on their own. But the software is still useful for keeping you personally safe and aware of when you should get tested. As vaccinations begin and cases go down again, experts say they’ll be even more important. 

“On an individual level, in fact, it’s more important now than it was three months ago, because there’s a lot more virus circulating in the community than there was three months ago,” said Rajeev Venkayya, who helped write the US’s first national strategy on pandemic preparedness in 2005.

Julie Samuels led the task force that developed New York state’s app. She puts it this way: “In American society, people are really looking for a silver bullet—for the one thing that we can do to stop covid. The way to think about the app is that it’s one more layer of protection. If it keeps even one more person from getting covid, isn’t that worth it?”

—Additional reporting by Lindsay Muscato

This story is part of the Pandemic Technology Project, supported by the Rockefeller Foundation.

Key: For each app, we identify who is producing it, and what technologies it uses. We asked five questions. Is it voluntary? In some cases, apps are opt-in—but in other places many or all citizens are compelled to download and use them. Are there limitations on how the data gets used? Data may sometimes be used for purposes other than public health, such as law enforcement—and that may last longer than covid-19. Will data be destroyed after a period of time? The data the apps collect should not last forever. If it is automatically deleted in a reasonable amount of time (usually a maximum of around 30 days) or the app allows users to manually delete their own data, we award a star. Is data collection minimized? Does the app collect only the information it needs to do what it says? Is the effort transparent? Transparency can take the form of clear, publicly available policies and design, an open-source code base, or all of these. For each question, if we can answer yes , the app gets a star. If we cannot answer yes—either because the answer is negative or because it is unknown—the rating is left blank. There’s also a field for notes that can help put things in context. In addition, we say something about the basic technology underlying the app. Here’s an explanation of the key terms. Location: Some apps identify a person’s contacts by tracking the phone’s movements (for instance, using GPS or triangulation from nearby cell towers) and looking for other phones that have spent time in the same location. Bluetooth: Some systems use “proximity tracking,” in which phones swap encrypted tokens with any other nearby phones over Bluetooth. It is easier to anonymize and generally considered better for privacy than location tracking. Google/Apple: Many apps will rely on the joint API that Apple and Google are developing. It lets iOS and Android phones communicate with each other over Bluetooth, allowing developers to build a contact tracing app that will work for both. Later the two companies plan to build this directly into their operating systems. DP-3T: This stands for decentralized privacy-preserving proximity tracing. It’s an open-source protocol for Bluetooth-based tracking in which an individual phone’s contact logs are only stored locally, so no central authority can know who has been exposed.

For each app, we document who is producing it and where it is available. We also ask five questions, guided by principles put forward by the American Civil Liberties Union.

  • Is it voluntary? In some cases, apps are opt-in—but in other places many or all citizens are compelled to download and use them.
  • Are there limitations on how the data gets used? Data may sometimes be used for purposes other than public health, such as law enforcement—and that may last longer than covid-19.
  • Will data be destroyed after a period of time? The data the apps collect should not last forever. If it is automatically deleted in a reasonable amount of time (usually a maximum of around 30 days) or the app allows users to manually delete their own data, we award a star.
  • Is data collection minimized? Does the app collect only the information it needs to do what it says?
  • Is the effort transparent? Transparency can take the form of clear, publicly available policies and design, an open-source code base, or all of these.

For each question, if we can answer yes , the app gets a star. If we cannot answer yes—either because the answer is negative or because it is unknown—the rating is left blank. There’s also a field for notes that can help put things in context.

In addition, we document the basic technology underlying the app. Here’s an explanation of the key terms.

  • Location: Some apps identify a person’s contacts by tracking the phone’s movements (for instance, using GPS or triangulation from nearby cell towers) and looking for other phones that have spent time in the same location.
  • Bluetooth: Some systems use “proximity tracking,” in which phones swap encrypted tokens with any other nearby phones over Bluetooth. It is easier to anonymize and generally considered better for privacy than location tracking.
  • Google/Apple: Many apps will rely on the joint API that Apple and Google are developing. It lets iOS and Android phones communicate with each other over Bluetooth, allowing developers to build a contact tracing app that will work for both. Later the two companies plan to build this directly into their operating systems.
  • DP-3T: This stands for decentralized privacy-preserving proximity tracing. It’s an open-source protocol for Bluetooth-based tracking in which an individual phone’s contact logs are only stored locally, so no central authority can know who has been exposed.

A public version of the underlying data is kept in a tab of this read-only spreadsheet. If you have an update, correction, or addition to the tracker, please email the relevant information to us at CTT@technologyreview.com.